Daily Malicious Code Scanner
securityimported
Installation
$
npx agenticloops install daily-malicious-code-scanSummary
Scans the last 3 days of code changes daily for supply-chain and malicious patterns, raising code-scanning alerts.
- Runs Daily, on any harness.
- Uses skills:
security,code-review,github. - Needs
cli gh,secrets GITHUB_TOKEN— checked at install; secrets are prompted, never in the file. - Runs at the standard capability tier (balanced model); the harness picks the model.
What it does
Daily, analyze code changes from the last 3 days for suspicious patterns indicating malicious activity or supply-chain compromise, and create code-scanning alerts for anything suspicious.
LOOP.md
--- name: daily-malicious-code-scan description: Daily Malicious Code Scanner · Scans the last 3 days of code changes daily for supply-chain and malicious patterns, raising code-scanning alerts. schedule: daily @ 05:00 skills: [security, code-review, github] requires: cli: [gh] secrets: [GITHUB_TOKEN] # names only tier: standard # frontier | standard | fast effort: medium concurrency: skip tags: [security, dev, github] license: MIT --- Daily, analyze code changes from the last 3 days for suspicious patterns indicating malicious activity or supply-chain compromise, and create code-scanning alerts for anything suspicious.